
tv   The Communicators Charlie Mitchell Author Cyber in the Age of Trump  CSPAN  October 9, 2020 10:29pm-11:01pm EDT

10:29 pm
weekend on c-span two. >> you are watching c-span, your unfiltered view of government. created by america's cable television company. brought to you by your television provider. >> charlie mitchell is the author of a new book. cyber in the age of trump. america'sling of national security policy. essence, get into the what gives you a background in cybersecurity? >> i used to be editor of roll call. at inside washington publishers. we do deep dive coverage into policy areas.
10:30 pm
cybersecurity kept popping up. was in 2012 or so. we looked at taking a deeper dive into it. we started investigating this and decided to start a new publication called inside cybersecurity that focused on the development of cyber policy. that long ago, but it really was the stage of creation for a lot of this. i think president george w. bush was the first one who started getting into cyber as a major policy area. it exploded under the obama administration. cutting across so many issue areas. something to create that would give readers an idea of where the policy arc was going. we covered it through the second
10:31 pm
obama administration into the trump administration. i wrote an earlier book called theed about cyber during obama years. really, the beginnings a lot of this cyber policy. i wanted to write a follow-up on how a new administration would treat this. that is what led to this book. >> when you look back at 2012, how is the sophistication of cyber growing? it was at a low stage in 2012. there were a number of people who were savvy about. at congress, the level was low. people were talking about, we need to build walls that are a lot higher. around't have a mindset with the cyber challenge really
10:32 pm
required. that has grown. there is a lot more expertise and engagement in the executive branch as well. i think everybody was a little slow to come around to this. jeff moss, who founded the black hat conference, he said the problem is the attackers, the people who play offense are going and breaking into systems, they can have all the fun and be creative and all that. with tryinge stuck to come up to ways -- with ways to defend against that. they are forced to fight over budgets and jurisdictions. and things like that that attackers do not have to worry about. it has been very complicated to
10:33 pm
get to this space. i think we can say, starting with george w. bush and through the obama administration, there were a lot of efforts to build the structures around cyber policy. that was a formative stage. when the trump administration came in, people were seeing abrupt changes in other policy areas. cyber, not so much. there was a lot of continuity with the basic policy structures. the way i look at it, under the obama administration, you are putting the pieces in place to try to have an effective policy. this continues to evolve. pros who came into office in 2017, took that and ran with that. there have not -- has not been this dramatic break in the
10:34 pm
basics. with a couple of exceptions. the trump administration has been more willing to use offensive weaponry. i don't think the obama administration had quite gotten there. the other key difference, i would say, between obama and trump as quote unquote cyber presidents is obama was pretty interested in the issue. he gave speeches on it and would go out and visit dhs and talk to the people at the national institute of standards and technology about this. trying to project the idea that this was a huge national issue. does not engage in the issue that much. we can get into some of the
10:35 pm
reasons i suspect that is the case. there has been a sharp difference in the tone, the personal interest from the oval office. that ends up creating an issue around leadership for cybersecurity. i can say one other thing, one thing going back to the obama administration, the message that the u.s. government has been really pressing in industry and business leaders. the top person in an organization has to personally take responsibility for cybersecurity and show they are interested in it. that this is a cultural value within their organization. the government is telling that to companies. i would think the same thing should apply to the government. the top official in the
10:36 pm
government should be saying this is a personal value of mine. we need to do this. spread that message both through the government but also to the partners in the private sector. that has been a real missing piece over the last couple of years. we will get into the differences between the obama administration and trump administration. can you put a dollar figure on how much is spent by the federal government in cybersecurity? charlie: there is a budget for dhs, the department of homeland security, that is -- it is $1 billion and change as they like to say in washington for siebel security, going across government. throw in the defense department spending, you get into the low billions being
10:37 pm
spent on cyber. very smart people out there who work in the space will say, they recognize the realities of federal budgets and the battle for every penny you can get, the fact cyber is in competition with every other program. they like to match it up against the amount being lost in the global economy which runs into the trillions. cyber theft and damage. this is a multitrillion dollar cost of the global economy. it is in the high hundreds of millions -- billions. spent by the federal government is a tiny fraction of the overall cost of this. because this is very much a government private sector issue, neither side can do it on its own, you look at what the
10:38 pm
private sector is spending. companies are spending a lot of money on this. particularly the larger companies. they devote a lot of their spending on security. it gets a little more complicated as you go down the scale and you look at smaller and smaller entities. that particularly with covid-19 have to make tough choices about where they are going to put the next dollar. their spending is constrained. we see that across different business sectors. in cybersecurity, you are only as strong as your weakest link. if a small company that is part of the value chain or the supply chain in a critical area is vulnerable and gets hacked, that can allow a bad guy to get
10:39 pm
into all kinds of systems. there is a tension in trying to make sure smaller entities have the resources they need to perform the security duties that they should. a lot of this is being driven by the private sector. i think the cybersecurity agency, within dhs, has been doing a lot of work to try and get tools out to the private sector. particularly focusing on smbs, small and midsized businesses. the challenge is enormous. you have seen groups, both of which are led by former dhs cyber people, former
10:40 pm
people, youon cyber are seeing a lot of groups like and justare going out trying very hard to get tools for free into the private sector. companies can look and see a suite of security services. that has been a valuable exercise by these groups. fair to look at cyber threats and cybersecurity as a new form of espionage? charlie: it is an aspect of it. it is interesting. you have to look at the threat actor and what the threat actor is trying to accomplish. there has been plenty of evidence in recent years, even
10:41 pm
recent months, countries such as havea and china and iran been mapping u.s. systems, critical infrastructure systems. and i would imagine we do the same to their systems. in the event of conflict, this will be another domain of conflict for sure. on the espionage side, there are generally accepted rules you can do certain things related to gathering intelligence for your national security purposes. every side does that. the big departure we saw in 2016 -- and this created something of a redefinition of cybersecurity, was the activities attributed to the russian government to disrupt the u.s. election. that involved direct things like
10:42 pm
hacks into email to gather information. it involved these disinformation campaigns to use social media. to spread things, create antagonisms and all of that. that was a new wrinkle. i am not sure anybody was quite prepared for that. the response to it, of course, was heavily criticized. i think espionage is an aspect of it. the ability to use cyber as a quote unquote military aspect of it is a domain. this use of cyberspace, social media, as a domain to accomplish your goals is a part of it. about oval office
10:43 pm
leadership and the change in tone from the obama administration to the trump administration. can you expand on that? trumpould say president was very interested in this issue. repeatedly.it he launched a series of initiatives that still provides some of the foundation today for cyber policy. president trump doesn't really speak on the issue. he doesn't much discuss it. he has also issued a series of executive orders that have advanced the policy and led the overall cyber policy into the next evolutionary phase, if you will. you do not have that accompanying sense the president is keeping track of this.
10:44 pm
that this is a high priority for the president. probably has an impact within government read government agencies were directed by the president to framework which is kind of a foundational set of standards for securing your systems. early trump executive order, he made clear the agency heads were personally responsible for cybersecurity. which was an important evolution, saying somebody was taking responsibility. the downside was more of a checklist approach, i did this and this. rather than a risk management approach where you are incorporating cybersecurity into all of your activities and thinking about it upfront and you realize the cyber aspects of
10:45 pm
everything you are doing as an agency are just as important as any other aspect. you don't really get the sense that idea is being driven from up top although the rules have been put in place, if you will. the leadership question that i have been very interested in, and i think we need to see more of in order to be effective is in terms of engaging with different communities in this country. i mean different business groups. civil liberties groups. civil society. drive a new set of around data security. where do the responsibilities
10:46 pm
lie? i don't know if we have done a great job of spelling this out. i would say the transition from 2016 to 2017, to my way of looking at it, that was the next big thing that needed to happen. a strong engagement between different groups, different entities. is the way we are defining your responsibility as a company in cyberspace. this is what the government is going to do to help and protect you. this is what you need to do to help and protect yourself. rules you need to do to protect consumer data. we have seen these massive hacks of consumer data being leaked out into the dark web and all of that. we have not really defined this as of yet. i would take it overseas and say leadership is imperative
10:47 pm
trying to drive global standards and create a global system of conduct. the obama administration was just getting going on that. we were very much in the early days. creating a broad international coalition around certain principles and goals seem to be the next step but that has not really been taken up. what we have seen is very particular steps aimed at chinese companies, for instance. that provide tech and telecom services. the trump administration has issued a series of orders largely aimed at getting those companies out of u.s. systems. u.s. telecoms have to strip
10:48 pm
huawei products over the next couple of years. there is a big effort in congress to make sure that is adequately funded. i think there's about $1 billion available for it. it will probably cost at least twice that much. telecoms, particularly in rural areas, to replace their equipment. very company specific get china out of here policy rather than one where we engage with our friends in europe and japan and other countries and try to create a very durable system of global confidence about cybersecurity, use that to confront adversaries in cyberspace. you are watching the communicators on c-span. our guest is charlie mitchell.
10:49 pm
in your book, mr. mitchell, you the ubiquity of cyber problems might make cooperation between the u.s. and china conceivable. plus president trump and president xi formed a mutual admiration society but within a year, the souring of the relationship was front page news. the relationship harmed cybersecurity issues. right.: i think there was some thought, cybersecurity, some cybersecurity goals could be achieved within the context of a grand trade deal. of course, that did not come about when there was a deal that has been called the trade -- phase one deal. it did not get at the broader
10:50 pm
cybersecurity challenges between the two countries. this has been one of the fundamental issues during the trump administration. critics say about a lot of the actions, is it cyber or is it trade? that goes back to some of the issues raised by banning huawei. professionals will tell you there is plenty of smoke around those companies. there is reason to be suspicious. strictly going on a policy of banning companies rather than trying to create a system of standards everybody has to meet is probably less effective. another thing with this is, because trade and cybersecurity were intertwined in the first
10:51 pm
part of these negotiations, i have to imagine the chinese government looked at it as the cyber aspects are just a piece of this. maybe if we give the u.s. a little more over here, they won't care so much about the cyber elements in a deal. the trump administration anyway encouraged that. the chinese were not sure where the lines were. you probably do want to leave some uncertainty in a negotiating process, but i am not sure this was the most effective way to go at cyber. are plenty of issues between the u.s. and china. were some commonalities. on the forbes
10:52 pm
international list that the chinese now have more companies than the u.s. does in the top 500 internationally, the largest companies internationally. when the book was published, the u.s. was narrowly in the lead but now the chinese have eclipsed that. as i say in the book, these chinese companies have boards of directors. they have responsibilities beyond what we perceive to be their responsibilities and obligations to the chinese communist government. businesses and they have their own hackers and plenty of them. they face some similar challenges which could create that common ground to begin working toward global standards. the chinese might be interested in that kind of approach. but we have been on a path where
10:53 pm
we are aiming to drive companies like huawei out of the u.s. market. with some justification. we have focused our international efforts in persuading allies in europe and asia to go along with us on that. for them to ban huawei as well for instance. which is fine but not really creating a global coalition or alliance around a specific set of principles. we want to get this company out. in a way, all of the evidence is we want to knock them out, that company and the biggest chinese tech companies. there seems to be a trade aspect, they are a competitor. it would be in some ways the equivalent of a foreign power
10:54 pm
saying we really want to take down ibm or general motors. not entirely convinced of the efficacy of that approach. >> you quote a republican from mainska saying china's export's espionage. the distinction between the chinese communist party and businesses like huawei is imaginary. we've only got a few minutes left. i want to ask you about one of your recommendations, the white house coordinator empowered by the president is essential when it comes to cybersecurity. i would say the decision in 2018 to get rid of the white house cyber coordinator, that was a mistake, i think. people in the business community, the security community and others agreed that
10:55 pm
was a major mistake. it was a john bolton decision. in thesident backed it president has not moved to replace that position. in fact, there is language in one of the annual house defense bills to create an even stronger version of that, a national cyber director. the white house opposes that. why is it important? for a number of reasons. it signals to the government, the american citizens and the world cybersecurity is a top priority. another, the issue is so dispersed as i mentioned, it touches on every domain. every department in government has a take on this. the coordinator position worked very hard to talk with different
10:56 pm
agencies to make sure they were on the same page. that they were not sending out conflicting signals to the american public and to businesses. industry would have one set of rules to follow. a point ofs engagement for the international community. repeatedly, this foreign partners her not sure who they are supposed to talk to. they are not sure of the level which the official, the authority of the officials they are engaging with, they are not sure how much authority they have. i would also mention a relatively high-powered state department cyber coordinator position was limited also early in the trump administration. this factor of engaging with foreign allies has been affected by this.
10:57 pm
if you are going to try to drive global action, you need the structure internally. you need to structure within your administration to pull these things together. synthesize these views and speak in one voice. that is something that has been missing. peter: do you foresee a potential cabinet department? charlie: it will be interesting to see in the second term. i don't think the trump administration would do that. there is a chance they might come along on a cyber director position in the second term. if there is a biden administration, i am not sure you would get to the weight of having an entire department. in light of some of the controversy over the use of dhs officers in protests recently,
10:58 pm
there has been chatter about eating the cyber agency either out of dhs and standing it up as an independent agency or at least ensuring its independence and autonomy. more so than it is now. gottener work has always a lot of high praise. these folks are professionals. and are doing good work. that is in a department perennially in the political spotlight. it is always being buffeted by political wind. who spent a lot of time trying to build up dhs over the years and then trying to build up their agency have expressed deep concern the infected the have department, overwhelmed the environment around the department, can only have a
10:59 pm
negative implication for the cyber agency. i think there could be efforts regardless of who wins the white house to create a more robust and independent agency for cyber on the one hand. i think that would probably be pushed more by a bible administration -- biden administration. mitchell is the author of >> you are watching c-span, your unfiltered view of government. created by america's cable television company, as a public service, brought to you today by your television provider.
11:00 pm
the competition is on. be a part of this year's c-span competition. middle school and high school students can be a part of the competition, by making a five or six minute documentary. be bold with your documentary. c-span video. cash prizes,l including a grand prize of $5,000. the deadline is generally one, 2021. for more information on how to get started go to our website. ♪ >> house speaker nancy pelosi and congressman jamie raskin unveiled legislation earlier today that would create a commission on presidential capacity. it
